7strings

Ledger Nano and Blue hacked by ethical hackers


Ledger is scaring me lately. The link for the TRX wallet app on their site contained a virus/malware. I just got a response back from them today saying they took the link with the virus off of their website. Thankfully I did not proceed with the installation but others in the TRX community may not have been so fortunate. 

1 hour ago, Paulo said:

Ledger is scaring me lately. The link for the TRX wallet app on their site contained a virus/malware. I just got a response back from them today saying they took the link with the virus off of their website. Thankfully I did not proceed with the installation but others in the TRX community may not have been so fortunate. 


After watching the whole demonstration and reading Ledger's answer @XRP-JAG posted above I think these vulnerabilities are luckily a non-issue in real-life situations. 

However your case also shows that Ledger's security standards could be much lower in reality than they claim.

Edited by 7strings

3 minutes ago, 7strings said:

After watching the whole demonstration and reading Ledger's answer @XRP-JAG posted above I think these vulnerabilities are luckily a non-issue in real-life situations.

However your case also shows that Ledger's security standards could be much lower than they claim.

Hopefully these are non-issues, yes you are right. Now they are doing damage control. Here's a link to a reddit thread on the subject. I am surprised more people aren't talking about this.

 

On 12/29/2018 at 6:54 AM, LordVetinari said:

These are not script kiddies. If something can be hacked, it will be. I'm very glad to see these guys are shedding light on vulnerabilities. This was inevitable and is necessary. Not comforting but necessary.

The thing is, it's never a case of "if", but "when" it will be hacked.

I haven't watched the videos yet, but I'm gonna assume your funds on the Nano S are still currently "unhackable" provided it's sitting in your safe at home.

Most hacks of well-encrypted devices require direct and unrestricted access to said device.

These people aren't going to be able to remotely break into your Nano and steal your funds.


So what I read between the lines from all this fuss:

If you're using a hardware wallet such as the Nano S, don't become careless because your secret is reasonably safe:

  • Only use your Ledger on a trusted machine
  • Don't leave your hardware unsupervised in someone's hands
  • Know what the hardware ledger can protect you against, but more important, know against which attacks it CAN'T protect.
  • Consider if you really need a hardware wallet; if you want to use it as cold storage, there are better solutions IMHO

An attacker doesn't need your secret to steal your stash, he needs a valid signature on a malicious transaction.

50 minutes ago, XRP-JAG said:

What would you say is better?

If you're not trading? One or more offline generated paper wallets, put them in a secure locker in a bank. That's way better than having a Ledger S recovery phrase lying around somewhere in your home (which is almost the equivalent of having your secret, even if you don't have access to the hardware ledger).

1 hour ago, fluxw42 said:

If you're not trading? One or more offline generated paper wallets, put them in a secure locker in a bank. That's way better than having a Ledger S recovery phrase lying around somewhere in your home (which is almost the equivalent of having your secret, even if you don't have access to the hardware ledger).

Suppose you need to weigh up the risks and costs. Looking maybe £250 per year for a bank locker. There still remains the risk of physical theft or destruction.

Paper wallet does also mean you need to have your seed shown on the computer at least twice.

Nano and/or seed words are vulnerable to physical theft at home... but currently your average house robber is not going to know what your list means. I’d be more concerned about house fire etc.

Current best option really is most likely a hardware wallet, with seed words stored in multiple secure locations - preferably disguised too. But, then your assets disappear with your memory / demise... unless you then entrust other(s).

You’ll know when we mainstream when your high street bank offers insured custody for crypto assets.
5 minutes ago, XRP-JAG said:

Looking maybe £250 per year for a bank locker.

Wow that's expensive :blink: Definitely cheaper over here: I use a locker in a bank and it costs me 35€ a year, that's peanuts compared to what you could lose.

19 minutes ago, fluxw42 said:

Wow that's expensive :blink: Definitely cheaper over here: I use a locker in a bank and it costs me 35€ a year, that's peanuts compared to what you could lose.

Maybe better price if shop around, but that was first price I found:

https://www.metrobankonline.co.uk/safe-deposit-boxes/

Not quite sure what kind of level security that gets you, my local ‘Metro’ was just a shop on the high street... fairly confident that they’ll not have a huge movie style bank vault in there!
